GoSecure Blog

Jim Ishikawa

Recent Posts

Last week, the New York Times reported that just three months after hackers working for the Chinese People’s Liberation Army went dark, they’re back at it again, targeting countless American companies and government agencies. The group is responsible for many high profile breaches – from Coca-Cola to RSA to Lockheed Martin. While many of us were not surprised by this recent resurgence of attacks, it is very troubling to note that “the victims were many of the same ones the unit had attacked before.”

So they’re back in. What’s the problem? I don’t think it’s for lack of trying. Certainly among our enterprise customers, everyone is heavily invested in the latest advanced threat tools and sophisticated security analysis and incident response teams. And I don’t think it’s because the Chinese have better attack tools. Our research indicates that their weapons are generally no more (or less) sophisticated than those of other criminal enterprises around the world.

The New York Times attack is all over the news this morning. We’re lucky in some ways that this happened to the Times. As their security beat reporter, Nicole Perlroth, noted in an interview on NPR this morning, as a media company, the NYT staff was more willing to talk publicly about what happened than most organizations would be. We don’t often see coverage of advanced attacks in such detail, but the problem is widely known, if not widely understood.

I applaud the Times for recognizing a possible threat, being proactive in starting to monitor its network, and following through with strong incident response. However, the account noted that there was evidence that the attackers had been in the NYT network for months before perpetrating this attack. Indeed, Perlroth reported that, “Investigators still do not know how hackers initially broke into The Times’ systems.”